A multi-tenant application is an application where a single running instance serves many customers. An alternative to multi-tenancy is managed services, where one running instance is set up for each customer. The table below shows a comparison between the two approaches.

Feature

Multi-Tenant Application

Managed Services

Cost Structure

Supports usage based pricing as well as tiered or flat pricing.

Can support only tiered or flat pricing.

Resources

Shared Resources. Resource is allocated based on the actual load for a tenant.

Dedicated resources. Resource is allocated based on perceived load for the tenant and cannot be reassigned to other tenants automatically.

Operation and Maintenance

Manage and administer a single instance for a number of customers

Manage and administer as many instances as customers

Scalable Model

Scalable, since a number of customers are serviced by one instance

Not Scalable. As the number of customers increase the maintenance requirements increases proportionally.

For SaaS products it can be seen that there are a number of benefits if the product is a multi-tenant product. But for an application to benefit by multi-tenancy, it’s architecture should take care of:

Data Isolation

Feature Customization

Execution Environment Isolation

Data Isolation

In an on-premise solution or a managed solution, there exists a dedicated instance of the database for each tenant. But when the product is multi-tenant, the same database can be shared across different tenants. This introduces the complexity of preventing one tenant from accessing the data of another tenant. Data Isolation can be architected in different ways:

Add a Company Id to all the tables and qualify all queries with a company id.

Maintain different databases for different tenants and connect to the correct database at runtime.

Maintain a single database, but different tables for different tenants qualified by the Company Id

A comparison of these three approaches can be seen below.

Feature

Add Company Id

Separate Database

Separate Tables

Data Customization

Not Possible, since only a single definition of table exists for all customers.

Possible since a single table definition exist for each customer.

Possible since a single table definition exists for each customer.

Security

Very Low. Independent developers need to ensure that they add the correct clause to the query. It is possible to create views to mimic the separate table design.

Very high. Since it does not depend on individual developers to access the correct data.

High. With standardized table names, libraries can be added to access correct tables. If correct table is not accessed, no data is available.

Inter-dependency and performance

The data size of one customer affects the performance of other customers

Every customer is affected only by their data size.

Every customer is affected only by their data size.

Scalable Model

Partially scalable. Only one database has to be maintained and configured. But as the number of customers grow, the table sizes grow.

Not Scalable, as the number of customers increase the number of databases to be maintained grows.

Scalable, Only one database has to be maintained, and as customers grow, the number of tables in a database grows.

Customer On-boarding

Easy. No database related tasks need to be done. All tables and columns exist for all customers.

Difficult. A database has to be created and setup. Tables can be created based on what is required.

Medium, Tables have to be created. These can be created on the first access of the table reducing effort.

Feature Customization

In an on-premise or managed service, there exists a dedicated runtime environment for each customer. Any customization required for a customer can be done in the customer code deployed on that environment. But a multi-tenant application cannot follow the same tenet since a single runtime environment, services multiple customers. Hence a multi-tenant application has be architected for feature customization. Customization for a tenant typically falls under one of the following categories:

Data Customization – Addition or removal of columns in the data to be stored

Function Customization – The functionality executed for a specific business event can vary by customers. For eg., on approval of an expense one customer may require emails to be sent, while another customer may not require want it.

Process Customization – The business process can vary for each customer. For eg., one customer may want shipment to integrate into a shipper’s tracking system, while another customer may want the shipment to integrate into a fleet management system.

Licensing Features – The product has multiple licenses which define the functionality that is enabled for the customer.

A few points to consider when architecting for customization in a multi-tenant application are:

Adding, modifying or removing features for one customer should not impact other customers

Features added for one customer may be applicable for other customers. Hence customization cannot be tied to a single customer. The architecture should allow same features to be enabled and disabled easily for other customers.

Licenses can be upgraded or downgraded. Features should be grouped so that they can be easily added or removed from a customer execution environment.

Feature customization can be achieved using flags and configuration parameters, but they tend to get unwieldy and can easily become un-maintainable as the customer size and customization requirements increase.

Another architecture that can be used in customization is to split business functions as discrete modules and string them together at runtime. In SMART, we use the plug and play architecture to achieve different levels of customization.

Execution Environment Isolation

The requirements for Data Isolation and Feature customization implies a execution environment isolation for each tenant. For eg., if we want to achieve “Data Customization”, it means the pojo class that is used to load and save the data needs to be defined differently for different customers. This cannot be done if the same execution environment is used for different tenants, because two versions of the same class cannot be loaded into the same class loader. This also implies that the environment in which the code is deployed cannot be used as the execution environment for all tenants. A new execution environment has to be created for every tenant and the correct data source and code base has to be enabled in the environment.

In java this can be achieved using Non-delegating Class Loaders. A new class loader can be created for each tenant and the licensed code loaded into the class loader allocated for a tenant. This gives us an opportunity to

Deploy code without affecting other tenants in the environment

Enable features for a single tenant without disturbing other tenants

Remove functionality by just recreating the class loader for this tenant with the correct features enabled.

Putting it all together one possible architecture that we can design is as below:

Like this:

Related

Discussion

2 thoughts on “Architecting a Multi-tenant Application”

Feature customization and execution environment isolation are noteworthy features that I would like to try with SMART. I am not aware of existing solutions to build cloud applications with these features. I think most cloud applications now do only data isolation using techniques like VPD.

Looks like the proposed solution of different class loader has significant overhead in terms of memory / cost.
since it actually means in a servlet container to have different web application for each tenant.
or in other words every singleton class will be saved in memory per tenant which increase memory requirement on the machine.